feat: ssl

Avungard · Sep 8, 2021 · f673266 · f673266
1 parent 9008729
commit f673266
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/etc/emqx.conf b/etc/emqx.conf
@@ -1361,6 +1361,7 @@ listener.ssl.external.access.1 = allow all
 ## Value: String, seperated by ','
 ## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
 ## listener.ssl.external.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
+listener.ssl.external.tls_versions = tlsv1.2,tlsv1.1,tlsv1
 
 ## TLS Handshake timeout.
 ##
@@ -1384,14 +1385,14 @@ listener.ssl.external.handshake_timeout = 15s
 ## See: http://erlang.org/doc/man/ssl.html
 ##
 ## Value: File
-listener.ssl.external.keyfile = {{ platform_etc_dir }}/certs/key.pem
+listener.ssl.external.keyfile = /etc/ssl/certs/{{domain_name}}.pem
 
 ## Path to a file containing the user certificate.
 ##
 ## See: http://erlang.org/doc/man/ssl.html
 ##
 ## Value: File
-listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
+listener.ssl.external.certfile = /etc/ssl/certs/{{domain_name}}.pem
 
 ## Path to the file containing PEM-encoded CA certificates. The CA certificates
 ## are used during server authentication and when building the client certificate chain.